Amendments to the Claims:

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims:

1. (Previously Presented) A method performed in a document management system of
controlling access to an electronic document, comprising: 

receiving at a document management system a request from a first user for an electronic 
document at a first user location, the document management system storing a rendition of the 
electronic document in a document repository, the document management system maintaining a 
set of access policies for the electronic document, the set of access policies including access 
policies for a plurality of users, each user having an identity on the document management 
system, the document management system authenticating users based on the users' identities, the 
document having multiple renditions, the access policies applying to the document and the 
multiple renditions of the document; 

authenticating the first user at the document management system using the set of access 
policies for the electronic document; 

verifying that the first user is authorized to obtain the electronic document, and then 
passing an encrypted rendition of the electronic document to the first user; 

receiving at the document management system a request from a second user for access to 
the encrypted rendition, where the second user received the encrypted rendition from the first 
user; 

authenticating the second user at the document management system using the set of 
access policies to establish which operations the second user is allowed to perform on the 
encrypted rendition; 

creating, at the document management system, a voucher for accessing the encrypted 
rendition, the voucher including the set of access policies for controlling access to the encrypted 
rendition of the electronic document, the voucher further including an electronic key operable to 
decrypt the encrypted rendition of the electronic document; and

passing the electronic voucher to the second user located at a second user location. 

2. (Original) The method of claim 1, further comprising:

creating, at the document management system, the encrypted rendition using the 
rendition that is stored in the document repository. 

3. (Original) The method of claim 1, wherein creating a voucher comprises: 

obtaining the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

4. (Original) The method of claim 1, wherein the set of access policies for the electronic 
document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

5. (Previously Presented) The method of claim 1, where the set of access policies include: 

a list of application rights. 

6. (Original) The method of claim 1, further comprising: 

including expiration information in the electronic voucher prior to passing the electronic 
voucher to the second user location. 

7. (Original) The method of claim 6, wherein the expiration information includes one or more
of:

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires. 

8. (Currently Amended) The method of claim [[2]] 1, wherein:

passing providing the encrypted rendition includes providing the encrypted rendition 
from a location other than the document repository. 

9. (Cancelled) 

10. (Original) The method of claim 1, wherein the rendition is a Portable Document Format 
document. 

11. (Original) The method of claim 1, further comprising: 

recording information relating to the request in an audit trail for the electronic document. 

12. (Original) The method of claim 1, wherein the first user and the second user are the same 
individual. 

13. (Original) The method of claim 1, wherein the first user location and the second user 
location are identical. 

14. (Previously Presented) A method of accessing an electronic document, comprising: 

requesting, from a document management system, access to an electronic document for a 
user at a user location, one or more renditions of the electronic document being stored in a 
document repository in the document management system, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document, wherein requesting access to an electronic 
document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system; 

receiving at the user location an electronic voucher from the document management 
system for the electronic document, the electronic voucher including a set of access policies for 
accessing an encrypted rendition of the electronic document, the set of access policies including
access policies for a plurality of users, and an electronic key operable to decrypt the encrypted 
rendition of the electronic document; and 

using the electronic key of the electronic voucher at the user location to decrypt the 
encrypted rendition of the electronic document according to the set of access policies for 
accessing the encrypted rendition of the electronic document. 

15. (Original) The method of claim 14, further comprising: 

determining whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference. 

16. (Original) The method of claim 15, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

17. (Cancelled) 

18. (Previously Presented) The method of claim 14, wherein the set of access policies include 
information indicating that a user at the user location is authorized to perform one or more of the 
following operations: 

adding content to the electronic document, adding comments to the electronic document,
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

19. (Previously Presented) The method of claim 14, further comprising: 

verifying, at the user location, that one or more requested operations are allowed by the 
set of access policies for the electronic document. 

20. (Cancelled) 

21. (Original) The method of claim 14, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

22. (Original) The method of claim 14, wherein the rendition is a Portable Document Format 
document. 

23. (Original) The method of claim 14, further comprising: 

storing the received voucher at the user location. 

24. (Original) The method of claim 14, wherein receiving an electronic voucher comprises: 

determining whether an electronic voucher is stored locally at the user location; and 

if the electronic voucher is stored locally, retrieving the electronic voucher from the local
storage;

if the electronic voucher is not stored locally, requesting an electronic voucher from the 
document management system. 



25. (Original) The method of claim 14, further comprising: 

receiving an encrypted rendition of the electronic document. 

26. (Original) The method of claim 14, wherein:

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 

27. (Previously Presented) A method for controlling access to an electronic document, 
comprising: 

receiving at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

authenticating the user at the document management system to verify that the user is 
authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, 

creating, at the document management system, an encrypted rendition of the 
electronic document using the rendition of the electronic document that is stored in the document 
repository; 

creating, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including a set of access policies for controlling access to the 
encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

passing the encrypted rendition of the electronic document and the electronic 
voucher to the user location. 

28. (Previously Presented) A computer program product, tangibly embodied in a
machine-readable storage device, for controlling access to an electronic document, comprising 
instructions operable to cause a programmable processor to: 

receive at a document management system a request from a first user for an electronic 
document at a first user location, the document management system storing a rendition of the 
electronic document in a document repository, the document management system maintaining a 
set of access policies for the electronic document, the set of access policies including access 
policies for a plurality of users, each user having an identity on the document management 
system, the document management system authenticating users based on the users' identities, the 
document having multiple renditions, the access policies applying to the document and the 
multiple renditions of the document; 

authenticate the first user at the document management system using the set of access 
policies for the electronic document; 

verify that the first user is authorized to obtain the electronic document, and then pass an 
encrypted rendition of the electronic document to the first user; 

receive at the document management system a request from a second user for access to 
the encrypted rendition, where the second user received the encrypted rendition from the first 
user; 

authenticate the second user at the document management system using the set of access 
policies to establish which operations the second user is allowed to perform on the encrypted 
rendition; 

create, at the document management system, a voucher for accessing the encrypted 
rendition, the voucher including the set of access policies for controlling access to the encrypted 
rendition of the electronic document, the voucher further including an electronic key operable to 
decrypt the encrypted rendition of the electronic document; and 

pass the electronic voucher to the second user located at a second user location. 

29. (Original) The computer program product of claim 28, further comprising instructions to: 

create, at the document management system, the encrypted rendition using the rendition 
that is stored in the document repository.

30. (Currently Amended) The computer program product of claim [[29]] 28, wherein the 
instructions to create a voucher comprise instructions to: 

obtain the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

include the obtained set of access policies in the electronic voucher. 

31. (Currently Amended) The computer program product of claim [[29]] 28, wherein the set of
access policies for the electronic document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another
user.

32. (Currently Amended) The computer program product of claim [[29]] 28, where the set of
access policies include:

a list of application rights.

33. (Currently Amended) The computer program product of claim [[29]] 28, further comprising
instructions to:

include expiration information in the electronic voucher prior to passing the electronic
voucher to the second user location.

34. (Original) The computer program product of claim 33, wherein the expiration information
includes one or more of:

a predetermined number of access operations before the voucher expires, a particular
time period before the voucher expires, and a particular time when the voucher expires.

35. (Currently Amended) The computer program product of claim 28, wherein:

the instructions to provide pass the encrypted rendition include instructions to provide the
encrypted rendition from a location other than the document repository. 

36. (Cancelled) 

37. (Original) The computer program product of claim 28, wherein the rendition is a Portable 
Document Format document. 

38. (Original) The computer program product of claim 28, further comprising instructions to: 

record information relating to the request in an audit trail for the electronic document. 

39. (Original) The computer program product of claim 28, wherein the first user and the second 
user are the same individual. 

40. (Original) The computer program product of claim 28, wherein the first user location and 
the second user location are identical. 

41. (Previously Presented) A computer program product, tangibly embodied in a
machine-readable storage device, for accessing an electronic document, comprising instructions 
operable to cause a programmable processor to: 

request, from a document management system, access to an electronic document for a 
user at a user location, one or more renditions of the electronic document being stored in a 
document repository in the document management system, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document, wherein requesting access to an electronic 
document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system; 

receive at the user location an electronic voucher from the document management system
for the electronic document, the electronic voucher including a set of access policies for 
accessing the encrypted rendition of the electronic document, the set of access policies including 
access policies for a plurality of users, and an electronic key operable to decrypt the encrypted 
rendition of the electronic document; and 

use the electronic key of the electronic voucher at the user location to decrypt the 
encrypted rendition of the electronic document according to the set of access policies for 
accessing the encrypted rendition of the electronic document. 

42. (Original) The computer program product of claim 41, further comprising instructions to: 

determine whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes instructions to: 

extract from the encrypted rendition a reference to the document repository where one or 
more renditions of the electronic document are stored; and 

request access to the rendition from the document repository identified by the extracted 
reference. 

43. (Original) The computer program product of claim 42, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
the instructions to request access include instructions to: 
retrieve the document identifier and the path from the encrypted rendition; and 
send an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

44. (Cancelled) 

45. (Previously Presented) The computer program product of claim 41, wherein the set of 
access policies include information indicating that a user at the user location is authorized to
perform one or more of the following operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

46. (Previously Presented) The computer program product of claim 41, further comprising 
instructions to: 

verify, at the user location, that one or more requested operations are allowed by the set 
of access policies for the electronic document. 

47. (Cancelled) 

48. (Original) The computer program product of claim 41, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

49. (Original) The computer program product of claim 41, wherein the rendition is a Portable 
Document Format document. 

50. (Original) The computer program product of claim 41, further comprising instructions to: 

store the received voucher at the user location. 

51. (Original) The computer program product of claim 41, wherein the instructions to receive
an electronic voucher comprise instructions to: 

determine whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, request an electronic voucher from the 
document management system.

52. (Original) The computer program product of claim 41, further comprising instructions to: 

receive an encrypted rendition of the electronic document. 

53. (Original) The computer program product of claim 41, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 

54. (Previously Presented) A computer program product, tangibly embodied in a
machine-readable storage device, for controlling access to an electronic document, comprising 
instructions operable to cause a programmable processor to: 

receive at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

authenticate the user at the document management system to verify that the user is 
authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, 

create, at the document management system, an encrypted rendition of the 
electronic document using the rendition of the electronic document that is stored in the document 
repository; 

create, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including a set of access policies for controlling access to the 
encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

pass the encrypted rendition of the electronic document and the electronic 
voucher to the user location. 



Applicant : Bill Shapiro et al. Attorney's Docket No. 07844-609001 

Serial No. : 10/659,874 

Filed : September 9, 2003 

Page : 15 



55. (Previously Presented) A system, comprising: 

means for receiving at a document management system a request from a first user for an 
electronic document at a first user location, the document management system storing a rendition 
of the electronic document in a document repository, the document management system 
maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

means for authenticating the first user at the document management system using the set 
of access policies for the electronic document, 

means for verifying that the first user is authorized to obtain the electronic document, and 
then passing an encrypted rendition of the electronic document to the first user; 

means for receiving at the document management system a request from a second user 
for access to the encrypted rendition, where the second user received the encrypted rendition 
from the first user; 

means for authenticating the second user at the document management system using the 
set of access policies to establish which operations the second user is allowed to perform on the 
encrypted rendition; 

means for creating, at the document management system, a voucher for accessing the 
encrypted rendition, the voucher including the set of access policies for controlling access to the 
encrypted rendition of the electronic document, the voucher further including an electronic key 
operable to decrypt the encrypted rendition of the electronic document; and 

means for passing the electronic voucher to the second user located at a second user 
location. 

56. (Previously Presented) The system of claim 55, further comprising:

means for creating, at the document management system, the encrypted rendition using 
the rendition that is stored in the document repository.

57. (Previously Presented) The system of claim 55, wherein creating a voucher comprises: 

obtaining the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

58. (Previously Presented) The system of claim 55, wherein the set of access policies for the 
electronic document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

59. (Previously Presented) The system of claim 55, where the set of access policies include: 

a list of application rights. 

60. (Previously Presented) The system of claim 55, further comprising: 

means for including expiration information in the electronic voucher prior to passing the 
electronic voucher to the second user location. 

61. (Previously Presented) The system of claim 60, wherein the expiration information includes
one or more of: 

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires. 

62. (Currently Amended) The system of claim [[56]] 55, wherein: 

passing providing the encrypted rendition includes providing the encrypted rendition 
from a location other than the document repository. 



63. (Previously Presented) The system of claim 55, wherein the rendition is a Portable 
Document Format document.

64. (Previously Presented) The system of claim 55, further comprising: 

means for recording information relating to the request in an audit trail for the electronic 
document. 

65. (Previously Presented) The system of claim 55, wherein the first user and the second user 
are the same individual. 

66. (Previously Presented) The system of claim 55, wherein the first user location and the 
second user location are identical. 

67. (Previously Presented) A system, comprising: 

means for requesting, from a document management system, access to an electronic 
document for a user at a user location, one or more renditions of the electronic document being 
stored in a document repository in the document management system, the document 
management system maintaining a set of access policies for the electronic document, the set of 
access policies including access policies for a plurality of users, each user having an identity on
the document management system, the document management system authenticating users based 
on the users' identities, the document having multiple renditions, the access policies applying to 
the document and the multiple renditions of the document, wherein requesting access to an 
electronic document for a user at a user location includes providing authentication information to 
authenticate the user to the document management system; 

means for receiving at the user location an electronic voucher from the document 
management system for the electronic document, the electronic voucher including a set of access 
policies for accessing an encrypted rendition of the electronic document, the set of access 
policies including access policies for a plurality of users, and an electronic key operable to 
decrypt the encrypted rendition of the electronic document; and 

means for using the electronic key of the electronic voucher at the user location to 
decrypt the encrypted rendition of the electronic document according to the set of access policies 
for accessing the encrypted rendition of the electronic document.

68. (Previously Presented) The system of claim 67, further comprising: 

means for determining whether the encrypted rendition of the electronic document is 
available at the user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference. 

69. (Previously Presented) The system of claim 68, wherein: 

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

70. (Previously Presented) The system of claim 67, wherein the set of access policies include 
information indicating that a user at the user location is authorized to perform one or more of the 
following operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

71. (Previously Presented) The system of claim 67, further comprising: 

means for verifying, at the user location, that one or more requested operations are 
allowed by the set of access policies for the electronic document.

72. (Previously Presented) The system of claim 67, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location. 

73. (Previously Presented) The system of claim 67, wherein the rendition is a Portable 
Document Format document. 

74. (Previously Presented) The system of claim 67, further comprising: 

means for storing the received voucher at the user location. 

75. (Previously Presented) The system of claim 67, wherein receiving an electronic voucher 
comprises: 

determining whether an electronic voucher is stored locally at the user location; and 

if the electronic voucher is stored locally, retrieving the electronic voucher from the local
storage;

if the electronic voucher is not stored locally, requesting an electronic voucher from the 
document management system. 

76. (Previously Presented) The system of claim 67, further comprising: 

means for receiving an encrypted rendition of the electronic document. 

77. (Previously Presented) The system of claim 67, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 

78. (Previously Presented) A system, comprising: 

means for receiving at a document management system a request from a user for access 
to an electronic document at a user location, a rendition of the electronic document being stored
in a document repository in the document management system, the document management 
system maintaining a set of access policies for the electronic document, the set of access policies 
including access policies for a plurality of users, each user having an identity on the document 
management system, the document management system authenticating users based on the users' 
identities, the document having multiple renditions, the access policies applying to the document 
and the multiple renditions of the document; 

means for authenticating the user at the document management system to verify that the 
user is authorized to access the electronic document; wherein, 

when the user is authorized to access the electronic document, the system further 
comprises: 

means for creating, at the document management system, an encrypted rendition 
of the electronic document using the rendition of the electronic document that is stored in the 
document repository; 

means for creating, at the document management system, a voucher for accessing 
the encrypted rendition, the voucher including a set of access policies for controlling access to 
the encrypted rendition of the electronic document, the set of access policies including access 
policies for a plurality of users, the voucher further including an electronic key operable to 
decrypt an encrypted rendition of the electronic document; and 

means for passing the encrypted rendition of the electronic document and the 
electronic voucher to the user location. 



